Information Disclosure

12880 CVEs (technique)


CVE-2025-34285 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34279 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34276 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34275 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34268 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34250 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34219 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34213 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34171 MEDIUM This Month

CasaOS contains a vulnerability that allows attackers to retrieve sensitive configuration files and system debug information (CVSS 5.3).

Linux Information Disclosure Casaos
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-34170 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34169 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34168 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34167 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34166 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34145 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34144 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34137 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34131 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34122 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-34094 Awaiting Data

Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. No vendor patch available.

Information Disclosure
NVD
CVE-2025-62842 HIGH This Week

An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. [CVSS 7.8 HIGH]

Information Disclosure Hybrid Backup Sync
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-62840 LOW Monitor

A vulnerability involving the generation of error messages containing sensitive information has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data. [CVSS 3.3 LOW]

Information Disclosure
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-52871 MEDIUM This Month

An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure License Center
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-55374 MEDIUM This Month

REDCap versions up to 14.3.13 contain a vulnerability that allows attackers to enumerate usernames due to an observable discrepancy between login attempts (CVSS 5.3).

Information Disclosure Redcap
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-15427 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-69203 npm MEDIUM POC PATCH This Month

Signal K Server is a server application that runs on a central hub in a boat. [CVSS 6.3 MEDIUM]

Information Disclosure Signal K Server
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-68273 npm MEDIUM POC PATCH This Month

Signal K Server is a server application that runs on a central hub in a boat. [CVSS 5.3 MEDIUM]

Information Disclosure Signal K Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-69413 Go MEDIUM PATCH This Month

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists. [CVSS 5.3 MEDIUM]

Information Disclosure Gitea Redhat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-22203 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22202 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22201 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22200 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22199 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22198 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22197 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22196 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22195 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22194 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22193 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22192 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22191 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22190 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22189 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22188 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22187 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22186 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22184 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22183 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22182 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22181 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22180 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22155 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-22154 Awaiting Data

Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-23608 This Week

Reflected cross-site scripting (XSS) in the LIVE TV WordPress plugin version 1.2 and below allows unauthenticated attackers to inject malicious scripts into web pages viewed by other users. The vulnerability exists due to improper neutralization of user input during page generation, enabling attackers to steal session cookies, redirect users, or perform actions on behalf of victims through crafted URLs. No active exploitation has been confirmed, and the EPSS score of 0.01% indicates minimal real-world exploitation likelihood despite the XSS vector.

XSS Information Disclosure
NVD
EPSS
0.0%
CVE-2025-62083 Monitor

WP Messiah BoomDevs WordPress Coming Soon plugin through version 1.0.4 exposes sensitive system information to unauthorized access, allowing attackers to retrieve embedded sensitive data without authentication. The vulnerability stems from improper access controls on sensitive data endpoints, classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere). With an EPSS score of 0.01% (2nd percentile), exploitation likelihood is minimal despite the information disclosure nature of the defect.

WordPress PHP Information Disclosure
NVD
EPSS
0.0%
CVE-2025-49340 Monitor

Direct Payments WP WordPress plugin through version 1.3.2 exposes embedded sensitive system information to unauthorized parties via CWE-497 exposure mechanisms, allowing attackers to retrieve confidential data without requiring authentication. The vulnerability affects all versions up to and including 1.3.2, with an EPSS score of 0.01% indicating minimal observed exploitation probability despite the information disclosure nature of the flaw.

WordPress PHP Information Disclosure
NVD
EPSS
0.0%
CVE-2025-62143 Monitor

Post Video Players WordPress plugin through version 1.163 exposes sensitive embedded data to unauthorized users via improper information disclosure mechanisms. The vulnerability allows attackers to retrieve sensitive system information that should be restricted from public access, affecting the plugin's core video playlist and gallery functionality. With an extremely low EPSS score of 0.04%, active exploitation appears minimal despite the information disclosure risk.

WordPress PHP Information Disclosure
NVD
EPSS
0.0%
CVE-2025-62126 This Month

Information disclosure in Razvan Stanga's Varnish/Nginx Proxy Caching WordPress plugin through version 1.8.3 allows sensitive data embedded in cached responses to be exposed to unauthorized users. The vulnerability stems from improper handling of sensitive information during proxy caching operations, enabling attackers to retrieve cached data containing credentials, tokens, or other confidential material. No authentication is required to exploit this issue, and EPSS analysis indicates a 4.43% probability of exploitation (89th percentile), suggesting moderate real-world risk despite the lack of known public exploits.

Nginx Information Disclosure
NVD
EPSS
4.4%
CVE-2025-62114 Monitor

Download Media Library WordPress plugin through version 0.2.1 exposes sensitive system information to unauthorized users via embedded data retrieval. The vulnerability allows unauthenticated attackers to access restricted system details without proper access controls, though real-world exploitation probability remains low (EPSS 0.04%). No public exploit code or active exploitation has been confirmed.

WordPress PHP Information Disclosure
NVD
EPSS
0.0%
CVE-2025-59136 Monitor

The Efí Bank Gerencianet Oficial WordPress plugin through version 3.1.3 exposes sensitive data by embedding it into sent HTTP requests or responses, allowing attackers to retrieve payment-related information without authentication. This information disclosure vulnerability (CWE-201) affects all installations of the affected plugin versions and is classified as low-risk based on EPSS score (0.04%, 12th percentile), with no public exploit code or active exploitation confirmed.

WordPress Woocommerce PHP Information Disclosure
NVD
EPSS
0.0%
CVE-2025-49338 This Week

Flowbox WordPress plugin through version 1.1.6 fails to enforce proper access control, allowing attackers to exploit misconfigured security levels and bypass authorization checks. The vulnerability enables unauthorized access to functionality that should require elevated permissions, affecting all installations of the vulnerable plugin versions without authentication requirements.

Information Disclosure
NVD
EPSS
0.0%
CVE-2025-62139 Monitor

The Terms descriptions WordPress plugin versions 3.4.10 and earlier expose sensitive data through embedded information in sent data, allowing unauthenticated attackers to retrieve embedded sensitive information. This information disclosure vulnerability (CWE-201) affects all installations of the plugin up to version 3.4.10. No public exploit code has been identified, and the EPSS score of 0.04% indicates minimal real-world exploitation probability, though the vulnerability remains a concern for sites storing sensitive term metadata.

WordPress PHP Information Disclosure
NVD
EPSS
0.0%
CVE-2025-49349 This Week

Reuters Direct WordPress plugin through version 3.0.0 contains a missing authorization vulnerability allowing attackers to bypass access control restrictions and access protected functionality without proper authentication. The vulnerability stems from incorrectly configured access control security levels in the plugin, potentially enabling unauthenticated users to interact with sensitive features intended for authorized administrators or subscribers. With an EPSS score of 0.04% and low real-world exploitation signals, this issue presents minimal immediate risk but should be addressed through plugin updates.

Information Disclosure
NVD
EPSS
0.0%
CVE-2025-62117 This Week

Cross-site request forgery (CSRF) in Jayce53 EasyIndex WordPress plugin versions up to 1.1.1704 allows unauthenticated attackers to perform unauthorized actions on behalf of authenticated administrators by inducing them to visit malicious web pages. The vulnerability affects all versions from the earliest tracked through 1.1.1704. No public exploit code or confirmed active exploitation has been identified; EPSS probability is minimal at 0.02% (5th percentile), suggesting low real-world exploitation likelihood despite the CSRF vector.

CSRF Information Disclosure
NVD
EPSS
0.0%
CVE-2025-59003 Monitor

ColorWay WordPress theme through version 4.2.3 embeds sensitive information in sent data, allowing unauthenticated attackers to retrieve embedded data without authentication. The vulnerability has an exceptionally low exploitation probability (EPSS 0.03%, 9th percentile) despite being information disclosure in nature, suggesting the sensitive data exposure requires specific conditions or limited practical impact. No active exploitation or public exploit code is documented at time of analysis.

WordPress PHP Information Disclosure
NVD
EPSS
0.0%
CVE-2025-62742 This Week

Stored cross-site scripting (XSS) in Curator.io WordPress plugin through version 1.9.5 allows authenticated attackers to inject malicious scripts that execute in the browsers of other users viewing affected pages. The vulnerability stems from improper input sanitization during web page generation, enabling attackers with plugin access to compromise user sessions and steal sensitive data. While EPSS scoring indicates low exploitation probability (0.04%), the persistent nature of stored XSS and potential for privilege escalation warrant prompt patching.

XSS Information Disclosure
NVD
EPSS
0.0%
CVE-2025-49357 This Week

Stored cross-site scripting (XSS) in the Audiomack WordPress plugin through version 1.4.8 allows authenticated attackers to inject malicious scripts into web pages, enabling session hijacking, credential theft, or defacement. No active exploitation detected (EPSS 0.04%, low percentile), but the vulnerability affects all installations of the vulnerable plugin versions and persists across page loads due to its stored nature.

XSS Information Disclosure
NVD
EPSS
0.0%
CVE-2025-62137 This Week

Stored cross-site scripting (XSS) in Shuttle WordPress theme through version 1.5.0 allows authenticated users to inject malicious scripts that persist in the application and execute in the browsers of other users who view the affected content. The vulnerability has an EPSS score of 0.04% (14th percentile), indicating low real-world exploitation probability despite the moderate attack surface typical of stored XSS flaws. No public exploit code or active exploitation has been confirmed.

XSS Information Disclosure
NVD
EPSS
0.0%
CVE-2025-61594 Ruby LOW PATCH Monitor

URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in the Ruby 3.2 series), 0.13.2 and earlier (bundled in the Ruby 3.3 series), and 1.0.3 and earlier (bundled in the Ruby 3.4 series), when using the + operator to combine URIs, sensitive information such as passwords from the original URI can be leaked, violating RFC 3986 and making applications vulnerable to credential exposure. This is a bypass of the fix for CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4.

Information Disclosure Uri
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-66094 This Week

Stored cross-site scripting (XSS) in Yada Wiki WordPress plugin through version 3.5 allows authenticated users to inject malicious scripts that execute in the browsers of other site visitors. The vulnerability stems from improper input sanitization during web page generation, enabling persistent XSS attacks that could compromise site integrity, steal credentials, or perform actions on behalf of administrators. EPSS exploitation probability is very low at 0.04%, but the stored nature of the vulnerability means injected payloads persist across sessions.

XSS Information Disclosure
NVD
EPSS
0.0%
CVE-2025-69026 MEDIUM This Month

Roxnor PopupKit popup-builder-block plugin through version 2.2.4 exposes sensitive system information to authenticated users via an information disclosure vulnerability. An authenticated attacker can retrieve embedded sensitive data that should not be accessible, potentially gaining insight into system configuration or other restricted information. The CVSS 4.3 score reflects low real-world impact (confidentiality only, low privileges required), and EPSS exploitation probability is minimal at 0.04%, indicating this is a lower-priority vulnerability despite affecting a WordPress plugin.

WordPress PHP Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-69025 MEDIUM This Month

Aethonic Poptics WordPress plugin through version 1.0.20 exposes sensitive system information to authenticated users through an information disclosure vulnerability. Authenticated attackers with low-level privileges can retrieve embedded sensitive data without user interaction, though exploitation requires valid login credentials. The issue carries a modest CVSS score of 4.3 and extremely low EPSS probability (0.04th percentile), indicating real-world exploitation risk is minimal despite the confirmed vulnerability.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-68989 HIGH This Week

Sensitive data exposure in Contact Form 7 Mailchimp Extension plugin for WordPress (versions ≤0.9.68) allows unauthenticated remote attackers to retrieve embedded sensitive information through network-accessible endpoints. The vulnerability enables unauthorized access to confidential data with low attack complexity and no user interaction required. EPSS score of 0.05% (14th percentile) indicates low observed exploitation probability, and no public exploit identified at time of analysis.

WordPress PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68988 HIGH This Week

Unauthorized remote attackers can retrieve embedded sensitive system information from o2oe E-Invoice App Malaysia plugin versions 1.3.0 and earlier without authentication (CVSS:3.1 AV:N/AC:L/PR:N). The vulnerability exposes confidential data through information disclosure, with EPSS exploitation probability at 0.05% (14th percentile). No public exploit identified at time of analysis, though the low attack complexity and unauthenticated attack vector make exploitation straightforward for adversaries with network access to vulnerable WordPress installations.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-68987 CRITICAL Act Now

Local file inclusion in Edge-Themes Cinerama WordPress theme versions ≤2.9 enables unauthenticated remote attackers to read arbitrary server files through PHP file inclusion weaknesses. Despite the CVSS critical rating of 9.8, EPSS probability is low (0.17%, 38th percentile) with no public exploit identified at time of analysis. The vulnerability allows server-side file reading which could expose configuration files, credentials, and sensitive data without authentication requirements.

WordPress PHP Lfi Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-68040 Monitor

WP Project Manager plugin through version 3.0.1 exposes sensitive information in sent data due to improper information handling, allowing attackers to retrieve embedded sensitive data without authentication. The vulnerability affects all installations of the weDevs plugin and has been identified with an extremely low EPSS score (0.05%, 14th percentile), suggesting minimal practical exploitation likelihood despite the information disclosure classification.

WordPress PHP Information Disclosure
NVD
EPSS
0.0%
CVE-2025-68870 Monitor

Local file inclusion in reDim GmbH CookieHint WP plugin versions up to 1.0.0 allows unauthenticated attackers to read arbitrary files from the server filesystem through improper handling of filename parameters in PHP include/require statements. The vulnerability enables information disclosure by permitting attackers to access sensitive configuration files, source code, and other locally stored data without authentication. EPSS score of 0.14% indicates relatively low exploitation probability at time of analysis, and no public exploit code or active exploitation has been confirmed.

Information Disclosure PHP
NVD
EPSS
0.1%
CVE-2025-68876 This Week

Reflected cross-site scripting (XSS) in INVELITY Invelity SPS connect WordPress plugin through version 1.0.8 allows unauthenticated remote attackers to inject malicious scripts into web pages viewed by other users. The vulnerability stems from improper input neutralization during web page generation and carries an extremely low exploitation probability (EPSS 0.04th percentile), suggesting minimal real-world attack motivation despite the CVSS scoring absence.

XSS Information Disclosure
NVD
EPSS
0.0%
CVE-2025-68586 HIGH This Week

Broken access control in Cooked WordPress plugin versions ≤1.11.3 allows authenticated attackers with low-level privileges to bypass authorization checks and gain unauthorized access to high-privilege functions. The vulnerability stems from missing authorization validation (CWE-862), enabling privilege escalation and unauthorized data manipulation. With CVSS 8.8 and EPSS probability of 0.06% (18th percentile), real-world exploitation risk is moderate; no public exploit identified at time of analysis.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-68575 HIGH This Week

Authorization bypass in Wappointment WordPress plugin versions ≤2.7.6 enables low-privileged authenticated attackers to perform unauthorized actions with high impact to confidentiality, integrity, and availability. The vulnerability stems from missing authorization checks (CWE-862), allowing authenticated users to access or modify data beyond their intended permission level. EPSS score of 0.06% (18th percentile) indicates low observed exploitation probability, and no confirmed active exploitation (CISA KEV) or public exploit code is identified at time of analysis.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-68571 HIGH This Week

Broken access control in SALESmanago WordPress plugin allows authenticated attackers with low-level privileges to bypass authorization checks and gain unauthorized access to high-privilege functions. Affects versions up to 3.9.0. The vulnerability enables complete compromise of confidentiality, integrity, and availability within the plugin's scope. EPSS score of 0.06% (18th percentile) suggests low observed exploitation probability, and no public exploit identified at time of analysis.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-68551 Monitor

VPSUForm WordPress plugin versions 3.2.24 and earlier expose sensitive embedded system information to unauthorized users via improper access controls, allowing attackers to retrieve data that should be restricted to administrators or authenticated users. The vulnerability affects a widely-deployed WordPress form plugin and has an EPSS score of 0.05% (low exploitation probability), with no confirmed active exploitation or public exploit code at the time of analysis.

Information Disclosure
NVD
EPSS
0.0%
CVE-2025-62955 Monitor

HappyDevs TempTool plugin for WordPress exposes sensitive system information through an information disclosure vulnerability affecting versions up to 1.3.1. The vulnerability allows unauthorized parties to retrieve embedded sensitive data by exploiting improper access controls, specifically in the [Show Current Template Info] functionality. With an EPSS score of 0.04% and no CVSS vector assigned, exploitation likelihood is low, though the information disclosed could inform secondary attacks.

Information Disclosure
NVD
EPSS
0.0%
CVE-2025-1928 CRITICAL Act Now

The Online Food Delivery System by Restajet Information Technologies through version 19122025 fails to restrict repeated authentication attempts, enabling password recovery exploitation and unauthorized account access. With a CVSS score of 9.1 (critical severity) and unauthenticated network-based attack vector, attackers can brute-force credentials without lockout mechanisms. No public exploit is identified at time of analysis, with EPSS probability at 0.07% (22nd percentile). The vendor did not respond to early disclosure attempts by Turkey's national CERT (USOM).

Information Disclosure Online Food Delivery System
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-62998 Monitor

WP AI CoPilot plugin for WordPress versions through 1.2.7 exposes sensitive information embedded within sent data, allowing attackers to retrieve confidential details without proper access controls. The vulnerability stems from inadequate handling of sensitive data in communications, classified as information disclosure with an EPSS score of 0.04% indicating low real-world exploitation probability. No public exploit code has been identified at time of analysis.

WordPress PHP AI / ML Information Disclosure
NVD
EPSS
0.0%
CVE-2025-14860 CRITICAL PATCH Act Now

Remote code execution in Mozilla Firefox via use-after-free in Disability Access APIs allows unauthenticated network attackers to compromise browser integrity with high impact. The vulnerability (CWE-416) affects Firefox versions prior to 146.0.1 and requires no user interaction or special privileges. With CVSS 9.8 (Critical) but low EPSS (0.07%, 21st percentile), real-world exploitation probability remains limited despite theoretical severity. No public exploit identified at time of analysis, and vendor-released patch 146.0.1 available.

Memory Corruption Mozilla Use After Free Information Disclosure Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14744 MEDIUM This Month

Unicode right-to-left override (RTLO) characters in malicious websites can spoof filenames displayed in Firefox for iOS downloads UI, potentially tricking users into saving files with misleading extensions and types. Affects Firefox for iOS versions prior to 144.0; requires user interaction to download a file. The vulnerability has low real-world exploitation probability (EPSS 0.04%) despite the moderate CVSS score, as it relies on social engineering and user inattention rather than automatic code execution.

Mozilla Information Disclosure Apple
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-40893 MEDIUM This Month

Stored HTML injection in Nozomi Networks CMC and Guardian Asset List functionality allows unauthenticated remote attackers to inject malicious HTML tags into asset attributes via crafted network packets, enabling phishing and open redirect attacks when victims view affected assets. CVSS 5.3 (medium severity) with user interaction required; exploitation is bounded by existing Content Security Policy and input validation that prevent full XSS and direct information disclosure.

Information Disclosure XSS Open Redirect Cmc Guardian
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-49919 MEDIUM This Month

DigitalME eRoom eroom-zoom-meetings-webinar plugin through version 1.5.6 exposes sensitive data in sent communications due to improper data handling, allowing unauthenticated remote attackers, with user interaction, to retrieve embedded sensitive information across site boundaries. EPSS exploitation probability is low at 0.04%, but the vulnerability affects confidentiality, integrity, and availability through information disclosure mechanisms that may be chained with other flaws.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-68429 npm HIGH PATCH This Week

Information disclosure in Storybook for Node.js versions 7.0.0 through 10.1.9 exposes environment variables from `.env` files when using the `storybook build` command. Unpatched projects building Storybook in directories containing `.env` files risk bundling sensitive credentials into publicly viewable artifacts. Unauthenticated attackers accessing published Storybook bundles can extract secrets from the bundled source code. Runtime dev mode, CI builds using platform environment variables, and co-located applications remain unaffected. No public exploit identified at time of analysis.

Information Disclosure Storybook Redhat
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%